PPP

Point-to-Point Protocol for establishing direct connections between two network nodes over serial links with authentication

PPP (Point-to-Point Protocol)

  • Layer 2 data link protocol designed for direct connections between two network nodes over serial links
  • Replaced older protocols like SLIP (Serial Line Internet Protocol) by adding authentication, error detection, and multi-protocol support
  • Encapsulates Layer 3 packets (IP, IPX, AppleTalk) for transmission over point-to-point links
  • Commonly used on WAN connections like T1/E1 lines, DSL, and dial-up connections

PPP Components

  • LCP (Link Control Protocol): Establishes, configures, and tests the data link connection
  • NCP (Network Control Protocol): Handles Layer 3 protocol configuration (IPCP for IP, IPXCP for IPX)
  • Authentication Protocols: PAP and CHAP for verifying peer identity

PPP Session Establishment Process

  1. Link Dead Phase: Physical layer connection not established
  2. Link Establishment Phase: LCP negotiates link parameters (MTU, compression, authentication)
  3. Authentication Phase: Optional PAP or CHAP authentication (if configured)
  4. Network Layer Protocol Phase: NCP configures Layer 3 protocols
  5. Link Open Phase: Data transmission begins
  6. Link Termination Phase: Connection gracefully closed

Authentication Methods

Method  | Security Level | Process                                 | Use Case
PAP     | Low            | Sends username/password in clear text   | Legacy systems only
CHAP    | Medium         | Uses MD5 hash challenge/response        | Modern WAN links
MS-CHAP | Medium         | Microsoft’s CHAP variant                | Windows environments
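
The CHAP exchange summarized in the table, as an added example that is not part of the original notes. It computes the response as RFC 1994 defines it (MD5 over the identifier, the shared secret and the challenge), and shows that the secret never crosses the link and that a captured response fails against a later challenge. The names R1/R2 and the secret are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes (RFC 1994)

def chap_hash(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def build_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response layout: Code, Identifier, Length, Value-Size, Value, Name."""
    length = 4 + 1 + len(value) + len(name)
    return struct.pack("!BBHB", code, identifier, length, len(value)) + value + name

def parse_packet(packet: bytes):
    """Return (code, identifier, value, name); reject inconsistent lengths."""
    if len(packet) < 5:
        raise ValueError("truncated CHAP packet")
    code, identifier, length, value_size = struct.unpack("!BBHB", packet[:5])
    if length != len(packet) or 5 + value_size > length:
        raise ValueError("malformed CHAP packet")
    return code, identifier, packet[5:5 + value_size], packet[5 + value_size:]

def peer_respond(challenge_packet: bytes, name: bytes, secret: bytes) -> bytes:
    """Peer side: answer a Challenge without ever sending the secret itself."""
    code, identifier, challenge, _ = parse_packet(challenge_packet)
    if code != CHALLENGE:
        raise ValueError("not a Challenge")
    return build_packet(RESPONSE, identifier, chap_hash(identifier, secret, challenge), name)

def authenticator_verify(challenge_packet: bytes, response_packet: bytes, users: dict) -> int:
    """Authenticator side: recompute the hash from its own copy of the secret."""
    _, ident, challenge, _ = parse_packet(challenge_packet)
    code, resp_ident, value, name = parse_packet(response_packet)
    secret = users.get(name)
    if code != RESPONSE or resp_ident != ident or secret is None:
        return FAILURE
    expected = chap_hash(ident, secret, challenge)
    return SUCCESS if hmac.compare_digest(expected, value) else FAILURE

def demo() -> dict:
    users = {b"R2": b"constructed-shared-secret"}  # constructed; plays the role of 'username R2 password ...'
    c1 = build_packet(CHALLENGE, 1, os.urandom(16), b"R1")
    r1 = peer_respond(c1, b"R2", users[b"R2"])
    c2 = build_packet(CHALLENGE, 2, os.urandom(16), b"R1")  # later re-challenge
    return {"fresh": authenticator_verify(c1, r1, users),
            "replayed": authenticator_verify(c2, r1, users),
            "secret_on_wire": users[b"R2"] in c1 + r1}
```

With PAP, by contrast, the Authenticate-Request carries the password bytes themselves, so the equivalent of `secret_on_wire` would be true.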

PPP vs HDLC Comparison

Feature         | PPP                  | HDLC
Authentication  | PAP/CHAP supported   | None
Multi-protocol  | Yes (IP, IPX, etc.)  | Cisco proprietary only
Error Detection | Built-in             | Basic
Compression     | Supported            | Limited
Standardization | RFC 1661             | ISO standard, Cisco implementation

PPP Configuration Commands

  • encapsulation ppp - Enable PPP on serial interface
  • ppp authentication chap - Enable CHAP authentication
  • ppp authentication pap - Enable PAP authentication
  • username <name> password <password> - Configure authentication credentials (global config)
  • ppp multilink - Enable multilink PPP for bandwidth aggregation

Vocabulary

  • LCP: Link Control Protocol - negotiates PPP connection parameters
  • NCP: Network Control Protocol - configures Layer 3 protocols over PPP
  • PAP: Password Authentication Protocol - clear text authentication
  • CHAP: Challenge Handshake Authentication Protocol - MD5 hash challenge/response authentication (the password is not sent in clear text)
  • MTU: Maximum Transmission Unit - largest packet size for the link
  • Multilink PPP: Combines multiple physical links into one logical link for increased bandwidth

Notes

  • PPP is only used on point-to-point links - cannot be used on multi-access networks like Ethernet
  • CHAP authentication occurs every few minutes during the session, not just at startup (unlike PAP)
  • PPP automatically detects and configures network layer protocols through NCP negotiation
  • Multilink PPP requires identical link speeds and proper load balancing configuration
  • Default MTU for PPP is 1500 bytes (same as Ethernet) but can be negotiated during LCP phase
  • PPP provides better error detection than HDLC through its built-in Frame Check Sequence (FCS)
  • Always use CHAP over PAP in production environments due to security concerns with clear text passwords
  • PPP over Ethernet (PPPoE) is commonly used by ISPs for DSL connections to provide authentication and billing capabilities